
Infected with a key logger; Antivir and Emsisoft having issues running

My laptop is infected with a key logger. Avira detected it at first with a notification and a voice (not sure what program the voice was from that stated a key logger was installed). I followed the manual removal of malware by installing Malwarebytes and Emsisoft and ran them with Avira. Avira scan kept stopping halfway. Emsisoft completed a full scan and found nothing, but now says it can't open as it's waiting for a service to start (perhaps I turned something off during the Autoruns tutorial). Malwarebytes found PUP.Optional.Showpass x 2 and PUP.Optional.BestPriceNinja x 2. Avira is working now but doesn't report anything else.

My name is Alexstrasza and I will assist you with your problem. You can call me Alex.

Before we begin, there are a few things I want to make sure you know:

I am currently in training, so my responses might be delayed. I will generally reply within 48 hours - if this is not possible, I will let you know.

Please do not run any tools without being instructed to, as this makes my job much harder in trying to figure out what you have done.

Make sure to read my instructions fully before attempting a step.

If you have problems or questions with any of the steps, feel free to ask me. I will be happy to answer any questions you have.

Please follow the topic by clicking on the Follow this topic button, and make sure a tick is in the receive notifications and is set to Instantly. Any replies should be made in this topic by clicking the Reply to this topic button.

Important information in my posts will often be in bold, make sure to take note of these.

I will bump a topic after 3 days of no activity, and then will give you another 2 days to reply before a topic is closed. Please inform me if you need more time.

Please stay with me until I have confirmed that you are clean. Absence of symptoms does not mean that the computer is clean.

Shall we begin then?

===

Meanwhile please give me some time to review your logs and I will be back with instructions.

They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.

Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.

The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again. I would recommend that you uninstall uTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Programs and Features. If you wish to keep it, please do not use it until your computer is cleaned.

===

Pirated software

Bleeping Computer does not allow the use of pirated software.

The practice of using keygens, hacking tools, cracking tools, warez, torrents or any pirated software is not only considered illegal activity, but it is a serious security risk which can turn a computer into a virus honeypot or zombie. When you use these kinds of programs, be forewarned that some of the worst types of malware infections can be contracted and spread by visiting crack, keygen, warez and other pirated software sites. In many cases, those sites are infested with a smörgåsbord of malware and an increasing source of system infection. Those who attempt to get software for free can end up with a computer system so badly damaged that recovery is not possible, and it cannot be repaired. When that happens there is nothing you can do besides reformatting and reinstalling the OS. If you want to read on then the full post is here.

I will help you clean your machine, but please remember that this is a one-time deal. After that I will refuse further assistance.

===

If it is possible, please retrieve the protection log from Avira that shows the detection and post it here. I do not use Avira though, so I will be unable to provide you with instructions unfortunately.

===

Fix with Farbar Recovery Scan Tool

Please download the attached fixlist.txt and save it to your Desktop.

Note: It's important that both FRST/FRST64.exe and fixlist.txt are in the same location or the fix will not work!

WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system!

Run FRST/FRST64.exe and press the Fix button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run.

When finished, FRST will generate a log named Fixlog.txt on the Desktop, please post it to your reply.

Yes, I'm still with you. I have gone through all the steps in your 2nd to last post and will post the results tonight. I had some important events over the weekend I had to attend, but I can post the results tonight when I get home from work. I ran the scan during the last night and it found one potentially unwanted program - uTorrent.exe. I forgot to remove the install exe from the downloads folder.

I can post the results tonight.

Thank you for all your help so far. I really appreciate it. You are all doing such a great service!!!

The computer seems to be still running very slow. I'm still very cautious of typing in passwords. I was considering rolling back to a restore point or completely wiping it with a new install of windows.

There wasn't anything quarantined in Avira. I thought that the voice and warning was Avira but it must not have been since there is no log or quarantine of any kind in Avira. I can't quite remember the date that it happened, I think it was the 3rd of December, so I included the real-time logs of all of December.